So you Wanna Understand Bitcoin…
(Part 2)
Last post, I went over the basics of Bitcoin. This post goes beyond the basics into 2nd layer developments like the Lightning Network and Chaumian mints, current events, other currencies, and future possibilities. It also mentions some more basic information about wallet types and backing up your bitcoins.
Wallets
A bitcoin “wallet” is a piece of software or a device that holds the key to your Bitcoin addresses and allows you to send money and track your transactions. There are a couple types of Bitcoin wallets out there. Each type has its upsides and downsides.
Full node wallets download and verify the entire blockchain, and forward transactions around to the rest of the network (helping support the network). These wallets generally take at least a few hours to get up and running because downloading the entire blockchain takes quite a bit of time (tho options like assume-valid can substantially speed this up). Running a full node has the most security and privacy, since you don’t have to rely on any particular 3rd party to send you transactions relevant to your account.
By contrast, Light wallets don’t download and verify the entire blockchain and don’t forward transactions around the network. Light wallets rely on 3rd party servers to tell them when a transaction has sent money to them, and these wallets can use Simple-Payment-Verification (SPV) to verify that the transaction they have been sent is a valid part of a real block. These wallets don’t need much storage space and require far fewer computing resources to run. Because of this, these kinds of wallets are ideal for use on devices like mobile phones. Light wallets still don’t need to trust any 3rd party with their wallet keys, and the owner is still the only person who can possibly send bitcoins from their light wallet.
The least secure type of wallet is the Web Wallet or custodial wallet. These are wallets run by a 3rd party service. That service maintains the keys to that wallet, and gives users access via some kind of (usually proprietary) API or interface (eg usually via a website). By contrast to the full-node and light wallets, users of web wallets do have to fully trust their wallet provider. If the web wallet provider wanted to, they could spend your money without your consent (though there of course would probably be legal consequences for doing that).
Hardware wallets are wallets where the keys are held inside a hardware device of some kind. While running a software wallet is pretty secure, an attacker could steal your bitcoins if they find your (encrypted) wallet file *and* your wallet password (which decrypts that wallet file). This isn’t easy for an attacker to do, but it can happen if an attacker runs a key logger and secretly downloads files on your computer. With a hardware wallet, the attacker would have to steal your password *and* steal your physical hardware wallet device. This is significantly harder to do, since it can’t be done purely over the internet. Many users who have significant bitcoin holdings are turning to hardware wallets to securely store their money.
To use a hardware wallet, you generally plug the wallet into your computer and use either a full node wallet or light wallet to interact with the hardware device. Once its set up, all you need to do is plug it in and use your wallet like you would with any other wallet. Some hardware wallets have other means of being used that don’t require plugging them into a computer, like QR code scanning.
Backing Up and Securing your Bitcoins
Backing up your bitcoins is critically important to ensuring your bitcoins are safe. While web wallets should take care of backing up for you, if you have one of the other types of wallets, you’d need to do this yourself.
Modern full-node wallets and light wallets create a “wallet seed” that can be used to recover your wallet in case anything happens to your computer. You should back up this seed redundantly in multiple locations so if one copy is lost, you have other copies. It should ideally be copied to a durable medium like an optical disk (like the 1000-year Blue-Ray Mdisk) or metal plate (like the blockplate). Paper can be ok too, especially durable archival paper. Keep these in a secure storage location like in a fireproof safe or a bank safe deposit box. Storing the seed on other computers, hard drives, thumb drives, or cloud storage can be unreliable or insecure. If the seed is stored somewhere online, its possible a virus could facilitate theft of your seed and therefore your bitcoin. The Tordl Wallet Protocols is a good guide that goes into detail on how to create and use a secure bitcoin wallet. If you want to store a significant amount of bitcoin yourself, you should spend the time to understand how to keep it secure.
Problems with Bitcoin
Despite having unique benefits over traditional currencies, Bitcoin is still technology in-development and has it’s fair share of problems. Some of these problems have caused a lot of controversy and argument within the Bitcoin community over the years.
Volatility
One minor problem is Bitcoin’s volatility. Its not uncommon to see Bitcoin’s value fluctuate by 10% in a week, or 30% in a month. This makes some people nervous and can be a headache for merchants who want to accept bitcoins, but don’t want to hold onto those bitcoins. Bitcoin’s volatility is a function of having a low market capitalization (the total value of all bitcoin). This low market cap means that its easier for a single event or even a single organization to affect the price of the currency.
While its infeasible to know what bitcoin transactions are used for, its widely believed that most bitcoin transactions are for exchanging bitcoin for other currencies for investment or speculative purposes and that most Bitcoiners are simply hodling. Because the Bitcoin economy is still in its infancy (the vast majority of merchants aren’t taking bitcoins), the exchange rate is primarily driven by speculators, who tend to lose all rationality when negative-sounding news happens.
As the value of a bitcoin has risen and more people have bought or accept bitcoins, the volatility has decreased. Bitcoin is currently only about 4 or 5 times more volatile as major national currencies like the USD, JPY, and the GBP. If Bitcoin becomes more widely used as a currency to buy goods and services, the volatility will decrease drastically. It should be able to decrease well below the volatility of national currencies because Bitcoin’s equivalent of a monetary policy is crystal clear and basically set in stone, whereas national monetary policies change every year.
Regulations
Another problem with Bitcoin isn’t really bitcoin itself, but treatment of Bitcoin by governments. While Bitcoin is legal in most countries, a number of countries restrict it in various ways. Bitcoin is outright illegal in Algeria, Egypt, Morocco, Afghanistan, Bangladesh, Nepal, and China (or rather “not legal”). A number of other countries have banned its use by banks or have banned its use in transactions but allow holding and trading the currency.
Legality of Bitcoin around the world was in a gray area for a few years, but now most countries have set up various legal treatments of Bitcoin, either as a commodity like the US does, an asset like Norway does, or as a currency like Sweden does. While the legal standing of Bitcoin could change in any given country, it seems like the governments of the world are moving toward accepting it as a normal financial device of some kind. The fears that governments would attempt to crush Bitcoin seem to have played out much less pessimistically.
The Blocksize Wars of 2017
The problem that has caused the most uproar is the scaling debate. Bitcoin can only handle a sustained rate of 7 on-chain transactions per second. Bitcoin has grown so much that it has reached this limit. This means that when demand goes up, instead of more transactions being made, transaction fees simply increase as transactions compete for space on the blockchain. Back in the ancient days of 2016, Average fees were as high as 40 cents/transaction, whereas currently the average fee has climbed to about $1.50/transaction, and occasionally this average gets up to upwards of $20/transaction when a lot of people really want their transaction to happen fast.
Many people (including yours truly) originally jumped on the Bitcoin bandwagon with starry-eyed ideas about a magical currency where you could send 1 cent or $1 million to anyone anywhere for free in an instant. Well reality hit with the weight of a 1000 tons of technical limitations. In 2017, many Bitcoiners wanted Bitcoin to achieve those attributes come hell or high blocksize. But others believed that on-chain scaling (ie things that would drive transactions per second up and transaction fees down by orders of magnitude) isn’t possible without giving away what makes Bitcoin a strong long-term store of value.
But there’s still the promise that technical improvements could allow us to reach something close to that starry-eyed dream.
The Blocksize Debate
Many proposed increasing the maximum block size from 1MB to 2MB, 4MB, 8MB, or higher. Doubling the block size would also double the number of transactions/second that can be supported, and would significantly reduce fees (probably back down to 2016 levels for a while). But there are problems with this solution.
Bigger blocks means the size of the blockchain (currently around 600GB) would grow at twice the rate. If Bitcoin were to scale up to the transaction volume Visa has (from Bitcoin’s 300,000 transactions/day to Visa’s 150 million), each block would have to be 250 MB, which would mean the blockchain would grow by over 13 terabytes/year. Even tho Bitcoin transactions won’t fill up that space immediately, the number of Bitcoin transactions more than doubled every year from 2010 to 2017 and at that rate would only take 10 years to reach the 150 million transaction/day milestone. This is while the number of GBs of hard drive space you can get for $1 is increasing only at about 15% per year. But maybe everyone will have 1000 terabyte drives in 10 years and that won’t be a problem.
A bigger problem with bigger blocks is the time it takes for the blocks to propagate throughout the network. Double the size of the block, double the transfer time. Why is this a problem, you ask? The problem is that this propagation time eats away at the precious time miners need to mine the next block, and well-connected large miners have an advantage here.
Currently, the majority (50%) of the network will receive new blocks within about 2 seconds. But if we had the 250 MB blocks necessary for Bitcoin to rival Visa, this propagation time would be about 8 and a half minutes long. This means that most of the network couldn’t even begin to mine on top of the right block until an average of less than 20% of their time is left. This would give a huge advantage to large, tightly-connected mining operations, which could lead to substantial security issues if most miners move to the same geographic place.
Many Bitcoiners decried block-size increases as being a major risk of centralization – ie centralized control over the longest blockchain and therefore also the consensus rules. In fact, a paper written by researchers at Cornell recommended that the maximum block size shouldn’t be increased any higher than 4MB. But here again, technology could save us… after a while. If internet bandwidth significantly increased, this problem would be less pronounced. But average internet speeds in the US are only increasing by 20% per year. At that rate, the size of blocks would quickly outpace internet speeds.
So tl;dr: Most in the Bitcoin community want to keep block sizes relatively small as-they-are, and think the big-blockers are short sighted. The big-blockers had their try by making forks of Bitcoin like “Bitcoin Cash” (which never took off) and “Bitcoin Diamond” (which is dead).
Since the block-size wars started, there have been two bitcoin soft fork up grades; Segwit and Taproot. Segwit (short for Segregated Witness) doubles the capacity of Bitcoin blocks and introduced a number of improvements that enabled the Lightning Network (more on this below). Taproot was an upgrade for transaction scripting that allowed more complex scripts without costing a lot of block space.
On-chain scaling will probably need to be a slow process as storage and network bandwidth becomes cheaper. Significantly larger block sizes aren’t safe at the moment, and allowing block sizes to grow slowly is the only way to scale on-chain transactions without putting Bitcoin at risk. But there are intriguing possibilities that could allow for a jump in block size without compromising blockchain security.
Solutions
In the recent past, several important scaling solutions have appeared. All of which significantly lower the minimum requirements of a bitcoin node. Assume-utxo allows nodes to start up much faster by not needing to wait to download and verify most of the block chain, speeding up start-up time Utreexo is still experimental but allows running a node without having to store the entire UTXO set, lowering its memory requirements. And while by no means new, a pruned node can delete parts of the blockchain after verifying them, drastically lowering its storage requirements.
In the future, zero-knowledge proofs and rollups could allow a node to verify the validity of a whole set of blocks with a single verification, drastically reducing the computing resources a node needs to fully verify the blockchain. A node that uses pruning, assume-utxo, Utreexo, and rollups could potentially be run with minimal computer resources, like on any mobile phone.
Mining protocols like Stratum V2 or DATUM may soon be used my mining pools, which would substantially reduce the concerns around miner centralization that block size increases might exacerbate.
But the greatest scaling gains to be made are with 2nd layer protocols.
The 2nd layer
While on-chain transactions are the first layer, the 2nd layer consists of protocols where people transact mostly off-chain and only bring something on-chain for a small or unlikely part of the protocol.
The first example of this was the Lightning Network, which uses a network of two-party payment channels to move value around the system. I’ll describe the Lightning Network in more detail below. Channel factories are a similar idea that allows more than two parties to be part of a channel. This can potentially be even more useful for scaling.
Another potentially important 2nd layer system is the Federated Chaumian Mint (or Fedimints for short), which is a decentralized group that can facilitate custodial payments where the custodian does not have knowledge of balances, transaction amounts, or account holder identities. While the Lightning Network still has scaling limitations related to on-chain limitations, liquidity requirements, and network routing concerns, Fedimints have far fewer scaling limitations. Transactions within a particular Fedimint can be nearly free and instant. In many ways, this is like a bank. The downside is that it introduces quite a bit more trust than either normal bitcoin or the lightning network do, but a lot less trust than a normal bank. Just like in a normal bank, there is still risk that the federated members collude to counterfeit claims on bitcoin or use the custodied funds in ways not sanctioned by the depositors. But this structure could allow bitcoin to truly scale to an entire world of people in a way that seems unlikely for the completely trustless technology in the near future.
Other 2nd layers like sidechains, state chains, rollup chains have the possibility of doing interesting things as well.
So you Want to Understand the Lightning Network…
The Lightning Network allows users to securely send Bitcoins off-chain and settle to the actual Bitcoin blockchain periodically. The Lightning Network can support to some degree an unlimited number of transactions per second with very low fees (~5 cents to send $10). The lightning network launched in 2018 and has successfully delivered on all its major promises. The lightning network is the way to buy a cup of coffee with bitcoin. Over $300 million worth of bitcoin are being utilized in the lightning network.
So what are the downsides of the lightning network?
One is a theoretical security risk, where if the main blockchain becomes too congested, channels may not be able to settle on the blockchain, which might allow some people to steal from their channel partner. However, the timing of the thief would have to be quite good, since for the thief to steal funds, they too will have to settle on-chain. At least anchor outputs make this more difficult for thieves in this theoretical scenario to steal much of significance.
Another theoretical downside is the fact that to join the lightning network, people need to create an on-chain transaction. Because of the limited transaction rate on the bitcoin block chain, if too many people want to join the lightning network, they might have to get in line.
The last downside of the lightning network is payment reliability, and this is a less theoretical downside. Because of how a route from one lightning node to another is found and how liquidity works on the LN, payments might have a hard time finding an appropriate path for payment. This might mean failed payments to some nodes that are not well connected. Further development of multi-path payments might help solve this occasional problem.
The Lightning Network (LN) is a payment network built on top of Bitcoin, meaning that it requires Bitcoin to operate and takes advantage of Bitcoin’s security.
There are two major parts of the Lightning Network:
Channels – A construct allowing two people to send an unlimited number of transactions to each other with only two transactions posted to the blockchain.
Multi-channel routing – A protocol for chaining transactions so people can send money to someone that they don’t have an open channel with.
Channels allow two people to make unlimited, free, secure transactions as long as neither party spends more than they committed to the channel. Multi-channel routing allows people to pay anyone in the Lightning network as long as there is a path of channels from the payer to the payee.
The following gets a little technical, so if you get bogged down, just skip to the section on Altcoins.
To open a two-way channel between Alice and Bob where they each put in 5 btc:
Either Alice or Bob create a multi-signature address that requires signatures from both Alice and Bob to send from. We’ll call this the opening address AO.
Alice and Bob both create a secret, hash that secret, and send each other their hash.
Alice then creates a special multi-signature address, which we’ll call the “anti-cheat address” AC_Alice1, that can be spent from under two conditions:
Alice can spend from AC_Alice1, but she can only spend coins that were sent to AC_Alice1 1000 blocks ago (about 1 week), or
Bob can spend from AC_Alice1 if Bob has Alice’s secret.
Bob does #3 for himself, mirroring what Alice did, creating anti-cheat address AC_Bob1.
Alice then creates a half-valid transaction that sends (Alice’s) 5 btc from AO to Alice, and (Bob’s) 5 btc from AO to AC_Bob1. Alice then gives this transaction to Bob. Bob again does the mirror of this. These are called the “commitment transactions“.
Finally, Alice and Bob each send 5 bitcoins to AO.
Once these steps are taken, the channel is open and can be used to securely send up to a net of 5 bitcoins in either direction *without* interacting with the blockchain at all! How is this done, you ask? Well, allow me to explain:
To make a lightning transaction that sends 1 btc from Alice to Bob:
Steps 2-5 (above) are repeated except that in step #5, instead of the transactions sending 5 btc to Alice/AC_Alice1 and 5 btc to Bob/AC_Bob1, 4 btc are sent to Alice/AC_Alice2 and 6 btc are sent to Bob/AC_Bob2. Note that Bob and Alice both create new secrets and hashes.
Alice and Bob give each other the secrets for the previous (now invalid) commitment transaction, which allows Alice to send from AC_Bob1 and Bob to send from AC_Alice1 (both anti-cheat addresses are now out-of-date and should never be sent to by honest actors at this point).
The latest commitment transactions serve as the working ledger between the two parties. In normal situations, these commitment transactions are never sent to the blockchain.
The commitment transactions are the crux of why the lightning network is trustless. In the case that, say, Bob misbehaves and posts an outdated commitment transaction, Alice and AC_Bob1 would both receive 5 btc. Bob could then create a transaction sending AC_Bob1’s bitcoins to himself, but since now Alice has Bob’s original secret, she can also send AC_Bob1’s bitcoins to herself. Since Bob would have to wait a week to send from AC_Bob1 to himself, Alice has time to notice the outdated commitment transaction posted in the blockchain and send AC_Bob’s bitcoins to herself instead.
This means that if either party tries to cheat by posting an outdated commitment transaction to the blockchain, the counter party can take all the bitcoins in the channel. This provides a strong incentive not to cheat.
This does mean that someone has to be online to watch for cheaters posting outdated commitment transactions. However, this can be delegated to 3rd parties who can watch the blockchain for you and collect a small fee if they post a successful anti-cheat transaction. A wallet does have to be online in order to accept money via the lightning network.
To close the channel, both parties sign a transaction from AO that settles to the same values as the latest commitment transaction. A commitment transaction itself isn’t generally used to close the channel, because they would both have to wait 1 week to see their money.
The last piece is multi-channel routing. I won’t get into the details here, but suffice it to say, there’s similar fancy hash-secret time-locked multi-signature addresses involved that allow a trustless end-to-end transaction no matter how many channel hops a transaction chain requires. And there’s also a nice clean way to find a sufficiently short path to your destination. If you want to read more, here’s another primer on the LN.
The Lightning Network can handle practically unlimited transactions per second, for almost-free, with the equivalent of instant confirmation speed. And because lightning transactions (other than opening and closing transactions) aren’t posted on the public blockchain, and because onion routing will be used, a lightning transaction is almost entirely private.
Altcoins
As of 2024, there are over 10,000 cryptocurrencies that have been created, 10 times as many as in 2017. Any cryptocurrency that isn’t Bitcoin is known as an “altcoin” – an alternative to bitcoin. Most of these currencies aren’t very interesting or are very experimental, and many are outright scams. Its important to do your due diligence if you plan on investing in any cryptocurrency. Make sure you understand why that currency has value and why it will retain that value, before investing.
Ethereum has been around for quite a while at this point, since 2015. The Ethereum system is all about “smart-contracts” where certain things are guaranteed to happen if some other condition is met. The Ethereum scripting language is turing complete (unlike Bitcoin), and therefore has a much greater range of scripting tools than Bitcoin does. This means there are some thing that Ethereum can do that are more difficult in Bitcoin. But by the same token, Ethereum isn’t focusing on being a currency. The goal of Ethereum is to enable running “decentralized applications” or Dapps for short. Because of the wider range of things that can be done with Ethereum, its blockchain has grown much faster than Bitcoin’s blockchain. Despite being just over half as old as Bitcoin, its blockchain’s size in gigabytes is about twice the size of Bitcoin’s.
While Ethereum originally used a Proof-of-Work mining system using the same principles as Bitcoin, in 2022 they switched to a Proof-of-Stake system called Casper. This was a huge change and there is a lot of skepticism that the change was wise. Its possible the system could work for a long time before catastrophically failing. However, so far it seems to have been a success as it has eliminated any significant electricity usage and has continued without major issues (at least that I’ve heard of). Theoretically a proof of stake system should be able to reduce the real costs of mining substantially, but its not clear that Ethereum has done that, as its average fees have not reduced significantly since they switched over.
One other thing about Ethereum is that it split into two different coins in 2015. After a bug in an Ethereum smart-contract called the DAO allowed someone to steal millions of dollars worth of Ether from a company controlled by the Ethereum developers, those developers decided to rewrite history to erase the transactions that stole their money. A significant outcry from some in the Ethereum community lead to some of them forking the Ethereum project and start another cryptocurrency that keeps the history as-is. This fork is called Ethereum Classic, and still exists with significant value, tho at about 1/500th the market cap in comparison to normal Ethereum. Many people still distrust the Ethereum core developers on the basis that they rewrote history to protect themselves.
All this said, its unclear how Ethereum competes with bitcoin or anything else in the market. Its still more of an experimentation system, and what the value of the currency Ether might eventually be is quite a lot less clear than for Bitcoin.
Monero is a private cryptocurrency based on the CryptoNote system, which uses ring signatures to make payments anonymous by default. If you haven’t heard already, Bitcoin is not actually anonymous – if anyone knows your wallet addresses, they can probably track your payments unless you’re very careful. Monero transactions have a random set of addresses added in, and no one except the payment receiver can know which address actually sent the payment.
The fact that Monero transactions are private make the money have a property called “fungibility” – which just means that you can’t tell the difference between one coin and another. This isn’t true for bitcoins where certain companies and government organizations blacklist certain bitcoin addresses that have some transaction in their past those companies don’t want to associate themselves with, or in the case of government organizations, don’t want anyone to associate with.
Until 2019, Riccardo Spagni, better known as Fluffypony, was a lead developers of Monero and one of the most well-respected figures in the cryptocurrency community, tho his sense of humor has upset a few people. Monero is one of the only major cryptocurrencies that didn’t have a period of pre-mining (where the developers hoard a significant chunk of the first coins created for a cryptocurrency). And Monero is one of the only altcoins that uses both well-vetted cryptographic techniques (eg ring-signatures) while also providing functionality that is significantly different from Bitcoin (true transaction privacy).
Monero does make a major trade off that differentiates it from bitcoin. The way it makes itself private means that no one can simply count up all the Monero coins in existence. As long as the cryptography is not broken, Monero cannot be created outside the programmed in emission rate, but if the cryptography *is* broken at some point in the future, someone could secretly inflate the supply of Monero without anyone knowing about it until it becomes obvious from inflation. Bitcoin doesn’t have this problem meaning that it is *unconditionally sound*. Monero is only *cryptographically sound* but as a result, it is *unconditionally private*, meaning that even if the cryptography is broken, the transactions cannot be deprivatized. This makes Monero’s privacy advantage one that will endure.
Monero is the top privacy coin and has been adopted by the dark web as a replacement for Bitcoin. There have been several countries that have not banned Bitcoin that have banned Monero, but it seems Monero is still legal in the vast majority of the world’s countries. The value of Monero should be based on the demand for private transactions. What that demand is, I’m not sure.
Other Altcoins
There are an enormous number of cryptocurrencies out there. Most are almost identical to Bitcoin. All are experimental. Other big cryptocurrencies out there include:
Tether, otherwise known as USDT, is a “stablecoin” which is a cryptocurrency issued by a centralized entity and managed such that the value is pinned to the dollar. The Tether company has (or at least claims it has) reserves backing all the USDT with real dollars. While Tether is the biggest stablecoin, there are others, like USDC and BUSD.
Cardano (ADA) is a cryptocurrency founded on the idea of basically creating a better Ethereum, one that uses proof of stake. Now that Ethereum is on a proof of stake system, Cardano is less unique, but it still has a place among the biggest cryptocurrencies.
Solana is basically Cardano but different. They’re branded as working on Web3, but basically all cryptocurrencies are relevant to Web3 (or “Web5”).
Ripple is a decentralized web-of-trust system for payments, where you can send a transaction of any type (“gold”, “bananas”, “hugs”) to someone as long as there is a chain-of-trust between you and the person you want to pay. So if A trusts B, and B trusts C, C can send to A without A directly trusting C. Ripple also has a currency called XRP (also often called “Ripple”, confusingly), that uses a trust-based consensus protocol to determine which transactions are part of the one-true-ledger. Where in Bitcoin you don’t need to trust anybody, in Ripple you need to specify who it is that you trust. While Ripple is not truly a cryptocurrency, it deserves a mention here because of the interesting currency-related things its doing.
Litecoin was the 2nd major cryptocurrency created. It’s basically Bitcoin where mining requires a lot more memory, and so might be easier to mine on non-specialized hardware. These days it doesn’t get a lot of attention.
Dogecoin is a joke currency that is basically identical to 2013 Bitcoin. Surprisingly, its still around, but I wouldn’t consider it to be serious.
Zcash/Zerocoin – Another privacy-focused cryptocurrency that uses zero-knowledge-proofs to make transactions private. While in Monero, each transaction has some small number of potential sources (5-21), in Zcash, all coins in the system are potential sources, which makes the privacy 100% untraceable. Originally, the proofs were expected to be around 25kb (vs Monero’s ~2kb and Bitcoin’s ~300 bytes), but apparently this has been brought down to “hundreds of bytes”. However the proofs are still computationally expensive, requiring at least 5GB of ram to create a transaction. Furthermore, zero-knowledge-proofs are a relatively new cryptographic technique and have had limited time to be well vetted for attack vectors. Beyond this, the system is owned by a private company that has come under fire for taxing 20% of mining revenue for the first 4 years, prompting a group of programmers to fork Zcash into a new currency called Ebitz. Also, Zcash has what’s known as a trusted setup, meaning that if the company that created Zcash is malicious, they could have kept a compromising key they told everyone that they destroyed, allowing them to steal people’s money.
Just remember: its safer to assume most altcoins are probably scams.
Conclusions
There’s lots going on in the world of cryptocurrencies. Bitcoin is still on top and likely to remain that way. There are a small handful of interesting cryptocurrency projects out there, and they are changing the world faster than you might think.